package cn.wolfcode.crm.shiro;

import cn.wolfcode.crm.domain.Employee;
import cn.wolfcode.crm.domain.Role;
import cn.wolfcode.crm.service.IEmployeeService;
import cn.wolfcode.crm.service.IPermissionService;
import cn.wolfcode.crm.service.IRoleService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.ArrayList;
import java.util.List;

public class EmployeeRealm extends AuthorizingRealm {

    @Autowired
    private IEmployeeService employeeService;
    @Autowired
    private IRoleService roleService;
    @Autowired
    private IPermissionService permissionService;
    @Override
    public String getName() {
        return "EmployeeRealm";
    }
    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        try{
            String username = (String) token.getPrincipal();
            Employee employee = employeeService.getEmployeeByUsername(username);
            if(employee == null){
                return null;
            }
            SimpleAuthenticationInfo info =  new SimpleAuthenticationInfo(employee,employee.getPassword(),
                    ByteSource.Util.bytes(employee.getRealName()),getName());
            return info;
        }catch (Exception e){
            e.printStackTrace();
        }
        return null;
    }
    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        try{
            //获取当前登录的用户
            Employee employee = (Employee) principals.getPrimaryPrincipal();
            List<String> roles = null;
            List<String> permissions = null;
            if(employee.isAdmin()){
                roles = new ArrayList<>();
                List<Role> list = roleService.listAll();
                for (Role role : list) {
                    //将角色的编号存放在集合中
                    roles.add(role.getSn());
                }
                //超级管理员拥有的权限
                permissions = new ArrayList<>();
                permissions.add("*:*");
            }else{
                //非管理员
                roles = roleService.getRoleSnByEmployeeId(employee.getId());
                permissions = permissionService.getPermissonResourceByEmployeeId(employee.getId());
            }
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addRoles(roles);
            info.addStringPermissions(permissions);
            return info;
        }catch (Exception e){

            e.printStackTrace();
        }
        return null;
    }


}
